Hi,
On Thu, Mar 31, 2022 at 04:38:06PM +0200, David Sommerseth wrote:
> We could "fix" --down now, but I will not recommend it at all. We could
> add the CAP_DAC_OVERRIDE capability. But that's a massive sledge
> hammer, giving read/write access to any file on the system. Only
> security
On 31/03/2022 15:26, Gert Doering wrote:
Hi,
On Thu, Mar 31, 2022 at 03:20:59PM +0200, David Sommerseth wrote:
I've also run a few tests using an --up script which modified
/etc/resolv.conf, which also worked as expected with capabilities enabled.
This is actually an interesting corner case.
Hi,
On Thu, Mar 31, 2022 at 03:20:59PM +0200, David Sommerseth wrote:
> I've also run a few tests using an --up script which modified
> /etc/resolv.conf, which also worked as expected with capabilities enabled.
This is actually an interesting corner case. As far as I understand,
--up runs
On 30/03/2022 22:55, Timo Rothenpieler wrote:
---
Using libcap-ng now
configure.ac | 19 +
distro/systemd/openvpn-cli...@.service.in | 2 +-
distro/systemd/openvpn-ser...@.service.in | 2 +-
src/openvpn/init.c| 25 ++-
On 31/03/2022 13:34, Gert Doering wrote:
Hi,
On Thu, Mar 31, 2022 at 01:29:28PM +0200, Timo Rothenpieler wrote:
That's exactly what the patch does.
Which I very much like :-) (I said that on IRC already, repeating here
for the list archive)
Only difference is that for sitnl, to avoid
Hi,
On Thu, Mar 31, 2022 at 01:29:28PM +0200, Timo Rothenpieler wrote:
> That's exactly what the patch does.
Which I very much like :-) (I said that on IRC already, repeating here
for the list archive)
> Only difference is that for sitnl, to avoid breaking existing setups, it
> will fall back
On 31.03.2022 13:02, Gert Doering wrote:
Hi,
On Thu, Mar 31, 2022 at 12:06:06PM +0200, David Sommerseth wrote:
There is however another related challenge in OpenVPN 2.x, which became
even clearer than be fore with the sitnl implementation we switched over
to on Linux by default with v2.5.
Hi,
On Thu, Mar 31, 2022 at 12:06:06PM +0200, David Sommerseth wrote:
> There is however another related challenge in OpenVPN 2.x, which became
> even clearer than be fore with the sitnl implementation we switched over
> to on Linux by default with v2.5. When using --user/--group without
>
I am willing to work on making the netcfg service even less "OpenVPN 3
centric", and it has a potential to grow towards a generic VPN API on
Linux. The current D-Bus interface it uses is highly inspired by the
Android VPN API. But this won't happen in a short time and not in time
for the
On 31/03/2022 08:53, Jan Just Keijser wrote:
Hi,
On 30/03/22 22:55, Timo Rothenpieler wrote:
---
Using libcap-ng now
sorry to butt in late, but I've got a nasty feeling about this... the
whole purpose of using
--user
is, according to the man page
--user user
Change
Hi,
On 30/03/22 22:55, Timo Rothenpieler wrote:
---
Using libcap-ng now
sorry to butt in late, but I've got a nasty feeling about this... the
whole purpose of using
--user
is, according to the man page
--user user
Change the user ID of the OpenVPN process to user after
11 matches
Mail list logo
